
Ran sdfix which removed many problems but it still seems infected. [So


#16
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

RegLock::
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Tour]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserChosenExecuteHandlers]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\UserDefaults]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{4b7a0957-fd70-11d9-b907-806d6172696f}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{7e398540-6c85-11da-a706-806d6172696f}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{450D8FBA-AD25-11D0-98A8-0800361B1103}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\CleanupWiz]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asmx]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aspx]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ivf]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppt\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rf]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjs]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rjs\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmm\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmp\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rms\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmx\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rnx]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rnx\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rp\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsml\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rt\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rv\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdp]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm\OpenWithProgids]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ssm\UserChoice]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wri]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b55-fa3e-11d9-bcc9-e8ae451cafa3}\shell]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b56-fa3e-11d9-bcc9-e8ae451cafa3}\shell]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b57-fa3e-11d9-bcc9-e8ae451cafa3}\shell]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b58-fa3e-11d9-bcc9-e8ae451cafa3}\shell]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\InternetPhotoPrinting]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\InternetPhotoPrinting\Providers\Snapfish]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\AnimateMinMax]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ComboBoxAnimation]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DragFullWindows]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\FontSmoothing]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListBoxSmoothScrolling]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewAlphaSelect]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewShadow]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\ListviewWatermark]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\SelectionFade]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\Themes]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TooltipAnimation]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\WebView]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{053F9267-DC04-4294-A72C-58F732D338C0}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{47833539-D0C5-4125-9FA8-0819E2EAAC93}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4EDCB26C-D24C-4e72-AF07-B576699AC0DE}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{52A2AAAE-085D-4187-97EA-8C30DB990436}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CA3D70E-1895-11CF-8E15-001234567890}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7390f3d8-0439-4c05-91e3-cf5cb290c3d0}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7584c670-2274-4efb-b00b-d6aaba6d3850}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A8533C62-9399-4640-B36B-D1DDE91EB8B1}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE7CD045-E861-484F-8273-0445EE161910}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCCCCCD3-666F-4F81-8B69-745DE9F6D897}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D27CDB6E-AE6D-11CF-96B8-444553540000}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E0019445-4C1F-414D-A70E-AD80F231C584}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E008A543-CEFB-4559-912F-C27C2B89F13B}]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\iecompat]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\ietld]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009020920090216]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009021620090217]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009021720090218]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009021820090219]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009021920090220]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009022020090221]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012009022120090222]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\PrivacIE:]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Content]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Cookies]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\History]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Media Center\Settings\AutoScan]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Webcheck\Store.1]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]

RegNull::
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C71B26DC-AE9F-824E-D74D-1F72DEA879CF}\*]

Registry::
[-HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C71B26DC-AE9F-824E-D74D-1F72DEA879CF}]

Reboot::



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

#17
mywoes (Topic Starter, Member, 47 posts)
OK. I am a little lost. I have been having real difficulty getting into this forum. Let me see if this posts.

#18
mywoes (Topic Starter, Member, 47 posts)
So I want to make sure I understand your instructions (sorry for being gone so long, but I had web browser problems). You want me to do another script in ComboFix as in your last post. The question I have before I do this is that each time I have run ComboFix, when it reboots I do not see the taskbar. I have had to use the Task Manager to load Explorer. I cannot now make the Task Manager work and I am concerned that I will not be able to get to Explorer.

#19
handhfan (Trusted Helper, Expert, 13,659 posts)
What does it say when you try to run Task Manager?

#20
mywoes (Topic Starter, Member, 47 posts)
It does nothing. I can get to the Task Manager if I right-click on the taskbar, but when I last rebooted that would not have been an option.

#21
mywoes (Topic Starter, Member, 47 posts)
I think I just found the problem. I went into the Control Panel and unchecked the options for how users log on to the computer (i.e., Use the Welcome Screen and Fast User Switching), and now the Task Manager comes up on Ctrl-Alt-Del. Should I use the last script file you posted? By the way, were you able to see the logs I uploaded rather than copying them into the post?

#22
handhfan (Trusted Helper, Expert, 13,659 posts)
Yep. But don't always do it. Just when logs are really long. This new log from ComboFix should be much shorter (I hope). :)

#23
mywoes (Topic Starter, Member, 47 posts)
Here is the ComboFix log:

ComboFix 09-02-19.01 - William Miller 2009-02-21 20:21:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2498 [GMT -6:00]
Running from: c:\documents and settings\William Miller\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\William Miller\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-21 18:21 . 2009-02-21 18:21 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-21 09:11 . 2009-02-21 09:11 <DIR> d-------- c:\documents and settings\William Miller\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-21 09:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 20:34 . 2009-02-20 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 20:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 05:53 . 2009-02-20 05:53 <DIR> d-------- c:\program files\Trend Micro
2009-02-19 20:42 . 2009-02-19 20:42 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-19 20:22 . 2009-02-19 20:22 <DIR> d-------- c:\windows\ERUNT
2009-02-19 20:09 . 2009-02-19 21:18 <DIR> d-------- C:\SDFix
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\program files\Seagate
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Norton AntiVirus
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-18 22:01 . 2009-02-18 22:05 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-18 22:01 . 2009-02-18 22:05 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-18 22:01 . 2009-02-18 22:01 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-02-18 22:01 . 2009-02-18 22:05 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-18 22:01 . 2009-02-18 22:05 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-18 19:23 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-02-18 18:57 . 2009-02-18 18:57 <DIR> d-------- c:\program files\iolo
2009-02-18 18:57 . 2009-02-11 19:10 936,288 --a------ c:\windows\system32\Incinerator.dll
2009-02-18 18:57 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2009-02-18 18:57 . 2008-04-17 09:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2009-02-18 18:57 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe
2009-02-18 18:57 . 2009-02-18 18:57 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-02-18 18:55 . 2009-02-18 18:57 <DIR> d-------- c:\documents and settings\William Miller\Application Data\iolo
2009-02-18 18:55 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-02-17 19:19 . 2009-02-17 19:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SmitFraudFixTool
2009-02-17 18:47 . 2009-02-17 18:47 <DIR> d-------- c:\documents and settings\William Miller\Application Data\SmitFraudFixTool
2009-02-17 18:05 . 2009-02-17 18:05 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\UserData
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\IECompatCache
2009-02-17 16:57 . 2009-02-17 16:57 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-02-17 14:41 . 2009-02-18 21:09 32,768 --a------ c:\windows\system32\drivers\ati6eyxx.sys
2009-02-17 12:59 . 2009-02-17 12:59 104,960 --a------ c:\windows\system32\dllcache\userinit.exe
2009-02-17 12:57 . 2009-02-17 18:35 303,616 -rahs---- c:\windows\system32\javarun.exe
2009-02-17 12:57 . 2009-02-17 12:57 77,312 --a------ c:\windows\system32\javame.exe
2009-02-17 07:27 . 2009-02-17 07:27 <DIR> d--hs---- c:\documents and settings\William Miller\IECompatCache
2009-02-01 19:34 . 2009-02-01 19:34 <DIR> d-------- C:\New Folder
2009-02-01 19:06 . 2009-02-01 19:06 <DIR> d-------- c:\program files\GetData
2009-02-01 19:01 . 2009-02-01 19:01 <DIR> d-------- c:\documents and settings\William Miller\Application Data\CyberLink
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\drivers\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\dllcache\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\drivers\avc.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\dllcache\avc.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\dllcache\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\dllcache\1394bus.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\dllcache\enum1394.sys
2009-01-31 13:35 . 2009-01-31 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-31 13:21 . 2009-01-31 13:21 <DIR> d--hs---- c:\documents and settings\William Miller\IETldCache
2009-01-31 13:13 . 2009-01-31 13:14 <DIR> d--h-c--- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 02:22 --------- d-----w c:\program files\Web Publish
2009-02-20 03:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-20 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 04:05 --------- d-----w c:\program files\Symantec
2009-02-19 03:38 --------- d-----w c:\program files\Norton Security Scan
2009-02-02 01:02 --------- d-----w c:\documents and settings\William Miller\Application Data\DVD Flick
2009-02-01 23:58 --------- d-----w c:\documents and settings\William Miller\Application Data\vlc
2009-01-27 16:24 --------- d-----w c:\program files\Stunt Track Driver
2009-01-01 08:12 --------- d-----w c:\program files\ImageConverter Plus
2008-12-25 01:49 --------- d-----w c:\program files\Google
2008-12-23 22:20 --------- d-----w c:\documents and settings\William Miller\Application Data\dvdcss
2008-09-26 02:06 376 ----a-w c:\documents and settings\William Miller\jobq.dat
2008-09-20 00:49 47,316 ----a-w c:\program files\uninstal.log
2006-02-19 22:16 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-12-06 00:28 916,806 ------w c:\program files\Dec2005_MDX1_x86.cab
2005-12-06 00:28 86,925 ------w c:\program files\Oct2005_xinput_x64.cab
2005-12-06 00:28 46,247 ------w c:\program files\Oct2005_xinput_x86.cab
2005-12-06 00:28 41,888 ------w c:\program files\dxdllreg_x86.cab
2005-12-06 00:28 3,673,932 ------w c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 00:28 1,358,864 ------w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-06 00:27 1,080,344 ------w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-28 01:30 4,488,480 ----a-w c:\documents and settings\Ryan\WordStars2.01_setup.exe
2008-07-23 00:36 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-25 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

------- Sigcheck -------

2004-08-10 04:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-21_15.01.22.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-19 01:23:22 1,487,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-21 21:20:02 1,413,248 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-22 02:28:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-26 316728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-07-26 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-21 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.VQJK"= DC31DEC.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6eyxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=c:\windows\pss\Screen Saver Control.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 03:04 59392 c:\windows\ehome\ehtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\javarun.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-02-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-02-18 274808]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-30 161064]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-18 115560]
R2 SoftwareDownloadCenter;Software Download Center;c:\srccode\SDCService\SDCService.exe [2007-09-28 1560403]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-07-26 9817]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [2007-05-05 35624]
S0 ati6eyxx;ati6eyxx;c:\windows\system32\drivers\ati6eyxx.sys [2009-02-17 32768]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2005-12-27 515803]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-07-26 137392]
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;c:\windows\system32\drivers\dc31vid.sys [2006-04-08 430336]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-04-12 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys --> c:\windows\system32\DRIVERS\sustucap.sys [?]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-04-12 21376]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2005-12-27 10986]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 19:49]

2009-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3192582744-3556994540-3364813709-1005.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 18:42]

2009-02-22 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{00951C02-5731-44e9-B2F5-544EC2279417} - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll
DPF: {0C528348-18DC-4ECE-819B-624E226028DA} - hxxp://wsso.mmm.com/Frontier_program_launcher.CAB
DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} - hxxp://legalwebdev.mmm.com/WorkSite/includes/iManFile.cab
DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} - hxxp://intra4.mmm.com/sdc/cabs/SDC.CAB
FF - ProfilePath - c:\documents and settings\William Miller\Application Data\Mozilla\Firefox\Profiles\jq1hyu27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lds.org/ldsorg/v/index.jsp?vgnextoid=e419fb40e21cef00VgnVCM1000001f5e340aRCRD|about:blank
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 20:29:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b55-fa3e-11d9-bcc9-e8ae451cafa3}\shell\Autoplay\DropTarget]
@DACL=(02 0000)
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b56-fa3e-11d9-bcc9-e8ae451cafa3}\shell\Autoplay\DropTarget]
@DACL=(02 0000)
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b57-fa3e-11d9-bcc9-e8ae451cafa3}\shell\Autoplay\DropTarget]
@DACL=(02 0000)
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b58-fa3e-11d9-bcc9-e8ae451cafa3}\shell\Autoplay\DropTarget]
@DACL=(02 0000)
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\InternetPhotoPrinting\Providers\DellPictureStudio]
@DACL=(02 0000)
"Description"="Order Kodak-quality prints of all your digital pictures, delivered worldwide"
"displayName"="Dell Picture Studio Printing by Ofoto©"
"HREF"="http://www.ofoto.com...d=529235084103"
"IconPath"="c:/Dell/Dellstudio4.7.ico"
"SupportedTypes"="*.jpeg; *.jpg"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C71B26DC-AE9F-824E-D74D-1F72DEA879CF}*]
"eacindhcii"=hex:66,61,61,6a,6d,64,6f,6f,67,63,6f,64,00,31
"dadiccdp"=hex:64,62,6f,68,6a,6d,6d,6b,61,6e,66,64,64,61,70,68,64,70,69,62,69,
63,62,65,6a,62,6c,63,6e,70,6a,67,6c,63,6c,62,65,6e,61,6e,00,00
"iakhllngmbjjanopkk"=hex:6a,61,67,6d,68,6a,6c,67,66,68,70,6f,62,68,6d,62,64,68,
6b,6f,00,00
"haigfmoehchnboek"=hex:6a,61,67,6d,68,6a,6c,67,66,68,70,6f,62,68,6d,62,64,68,
6b,6f,00,00
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lotus\Notes\nslsvice.exe
c:\program files\Lotus\Notes\nsl.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-02-21 20:41:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-22 02:41:33
ComboFix2.txt 2009-02-21 22:50:32
ComboFix3.txt 2009-02-21 21:03:20

Pre-Run: 135,316,865,024 bytes free
Post-Run: 135,290,884,096 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=3 Sets=1,2,3,4
322 --- E O F --- 2009-02-11 09:13:38
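Two parts of the log above are the ones a responder reads by hand: the Sigcheck section, which lists the hash of every copy of userinit.exe (the program winlogon runs at each logon) so you can see whether the live system32 copy still matches what the service pack installed and whether the dllcache copy Windows File Protection would restore from was replaced along with it, and the LOCKED REGISTRY KEYS section, whose values are printed as REGEDIT4 `hex:` byte lists wrapped across continuation lines. The Python below is an added example for this thread, not part of the forum post and not code from ComboFix; the two sample constants are copied from the posted log, and all function and variable names are this example's own.

```python
"""Triage helpers for two sections of a ComboFix log.

Added example for this thread; it is not part of the forum post and not
code from ComboFix.  The sample constants are copied from the log posted
above; every function and variable name is this example's own.
"""
import re
from collections import defaultdict

# ---- Sigcheck section --------------------------------------------------
# Each line is: <date> <time> <size> <md5> <path>.  The path is last and may
# contain spaces, so it is captured as "everything after the hash".
SIGCHECK_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2})\s+(\d+)\s+([0-9a-fA-F]{32})\s+(.+)$"
)

# Copied from the posted log (Sigcheck section).
SIGCHECK_SAMPLE = r"""
2004-08-10 04:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
"""


def parse_sigcheck(text):
    """Return (size, md5, path) for every well-formed Sigcheck line."""
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rows.append((int(m.group(3)), m.group(4).lower(), m.group(5)))
    return rows


def flag_replaced_system_files(rows):
    """Compare each live system32 file with its ServicePackFiles\\i386 copy.

    The ServicePackFiles copy is what the last service pack installed, so a
    system32 copy with a different hash has been replaced since then.  If the
    dllcache copy carries the same foreign hash, Windows File Protection has
    no clean copy left to restore from.  Returns one dict per mismatch.
    """
    by_name = defaultdict(dict)
    for _size, md5, path in rows:
        p = path.lower()
        name = p.rsplit("\\", 1)[-1]
        if "\\servicepackfiles\\i386\\" in p:
            by_name[name]["reference"] = md5
        elif "\\system32\\dllcache\\" in p:      # must be tested before system32
            by_name[name]["dllcache"] = md5
        elif "\\system32\\" in p:
            by_name[name]["live"] = md5
    findings = {}
    for name, h in by_name.items():
        ref, live = h.get("reference"), h.get("live")
        if ref and live and ref != live:
            findings[name] = {
                "reference": ref,
                "live": live,
                "dllcache_matches_live": h.get("dllcache") == live,
            }
    return findings


# ---- LOCKED REGISTRY KEYS section (REGEDIT4 hex: values) ---------------
# ComboFix prints binary values as REGEDIT4 text, wrapping long values onto
# continuation lines after a trailing comma.  Unwrap first, then decode.
# Copied from the posted log (the Shell Extensions\Approved key).
LOCKED_KEY_SAMPLE = r"""
"eacindhcii"=hex:66,61,61,6a,6d,64,6f,6f,67,63,6f,64,00,31
"dadiccdp"=hex:64,62,6f,68,6a,6d,6d,6b,61,6e,66,64,64,61,70,68,64,70,69,62,69,
63,62,65,6a,62,6c,63,6e,70,6a,67,6c,63,6c,62,65,6e,61,6e,00,00
"iakhllngmbjjanopkk"=hex:6a,61,67,6d,68,6a,6c,67,66,68,70,6f,62,68,6d,62,64,68,
6b,6f,00,00
"""

HEX_VALUE_RE = re.compile(r'^"([^"]+)"=hex:([0-9a-fA-F,]+)$', re.MULTILINE)


def decode_hex_values(text):
    """Return {value_name: bytes} for every "name"=hex:... entry."""
    joined = re.sub(r",[ \t]*\n[ \t]*", ",", text)   # join wrapped lines
    return {
        name: bytes(int(b, 16) for b in data.split(",") if b)
        for name, data in HEX_VALUE_RE.findall(joined)
    }


def printable_alphabet(blob):
    """Characters used by the NUL-terminated string at the start of a value."""
    return set(blob.split(b"\x00", 1)[0].decode("latin-1"))


if __name__ == "__main__":
    for name, f in flag_replaced_system_files(parse_sigcheck(SIGCHECK_SAMPLE)).items():
        print(f"{name}: live {f['live']} != SP copy {f['reference']}; "
              f"dllcache also replaced: {f['dllcache_matches_live']}")
    for name, blob in decode_hex_values(LOCKED_KEY_SAMPLE).items():
        print(f"{name} = {blob!r}  alphabet={''.join(sorted(printable_alphabet(blob)))}")
```

Run against the posted lines it reports that the live userinit.exe and its dllcache copy share one hash that differs from the SP3 copy in ServicePackFiles, which is why File Protection did not put the original back, and it decodes the three locked-key values to NUL-terminated strings that use only the letters a through p. The log itself does not say what those strings encode, so the script reports the alphabet and stops there.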

#24
mywoes (Topic Starter, Member, 47 posts)
Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43, on 2009-02-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\lotus\notes\nslsvice.exe
C:\Program Files\lotus\notes\nsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Srccode\SDCService\SDCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {E0019445-4C1F-414D-A70E-AD80F231C584} - (no file)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C528348-18DC-4ECE-819B-624E226028DA} (Frontier.Frontier_Launcher) - http://wsso.mmm.com/...am_launcher.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} (WebTransferCtrl Class) - http://legalwebdev.m...es/iManFile.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} (RequestX.SDC) - http://intra4.mmm.com/sdc/cabs/SDC.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161823591093
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://3msource.3m....acbvf6EstuImzy
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://us-mail-16.mmm.com/dwa7W.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://3msource.3m....uniperSetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\lotus\notes\nslsvice.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Download Center (SoftwareDownloadCenter) - 3M - C:\Srccode\SDCService\SDCService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 12349 bytes
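A small triage script as an added example, not part of this thread and not code from HijackThis or its author: it automates the first-pass checks a helper applies by eye to O3/O4/O9/O23 lines (entries whose target file is gone, Run values with no directory in the command, O23 service paths that are not a full executable), run over constructed sample lines modelled on the log above. The rules are assumptions about what merits a second look, not a verdict that any entry is malicious.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread)."""
import re

# Constructed sample lines, modelled on the format of the log posted above.
# The two BITS/wuauserv lines copy the 'Unknown owner - C:\WINDOWS\' shape
# seen in that log: a service with no executable named at all.
SAMPLE_LOG = r"""
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {E0019445-4C1F-414D-A70E-AD80F231C584} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\
"""

# O4 entries have the shape 'O4 - <hive>: [<value name>] <command line>'.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r"\.exe\b", re.IGNORECASE)


def _split_trailer(line):
    """Split '... - <owner> - <path>' from the right, so that ' - ' inside a
    product name (as in 'Spybot - Search & Destroy') stays with the name."""
    head, _, path = line.rpartition(" - ")
    head, _, owner = head.rpartition(" - ")
    return head, owner, path


def triage_line(line):
    """Return the reasons this line deserves a closer look ([] if none)."""
    line = line.rstrip()
    reasons = []
    if not line.startswith("O"):
        return reasons
    section = line.split(" - ", 1)[0]  # 'O3', 'O4', 'O9', 'O23', ...

    # Any section: the entry points at a file that is no longer on disk.
    # Such orphans are commonly left behind when malware (or software) is removed.
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("target file missing: orphaned entry")

    if section == "O4":
        m = O4_RE.match(line)
        # A Run value naming a bare file (no directory at all) is resolved by
        # the loader's search order, so the file actually started has to be
        # located and verified by hand.
        if m and "\\" not in m.group("cmd"):
            reasons.append(f"run value [{m.group('name')}] has no directory in its command")
    elif section == "O23":
        _, owner, path = _split_trailer(line)
        # A service path that is a bare directory, or names no .exe, cannot be
        # checked on disk as printed; compare it with the service's ImagePath.
        if not EXE_RE.search(path):
            reasons.append(f"service path {path!r} is not a full executable path (owner: {owner})")
    return reasons


def triage(log_text):
    """Run triage_line over every line; return [(line, reasons), ...] for flagged lines."""
    flagged = []
    for raw in log_text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            flagged.append((raw.rstrip(), reasons))
    return flagged


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(flagged_line)
        for reason in why:
            print("    ->", reason)
```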

#25
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

RegLock::
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b55-fa3e-11d9-bcc9-e8ae451cafa3}\shell\Autoplay\DropTarget]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\InternetPhotoPrinting\Providers\DellPictureStudio]

RegNull::
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C71B26DC-AE9F-824E-D74D-1F72DEA879CF}*]

Registry::
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b55-fa3e-11d9-bcc9-e8ae451cafa3}\shell\Autoplay\DropTarget]
[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C71B26DC-AE9F-824E-D74D-1F72DEA879CF}*]

Reboot::



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


After reboot, (in case it asks to reboot), please download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Please post the ComboFix log, GMER log, and a new HijackThis log in your next reply.

#26
mywoes

    Member

  • Topic Starter
  • Member
  • 47 posts
Hi. Thanks for all of your help. Please note that when I ran the GMER tool it worked differently than you described. It appeared to do a scan automatically. After it opened there were a number of boxes checked on the right hand side, but no box that indicated check all. When I clicked on scan nothing happened. So I just clicked save and have posted the log it created here along with the latest ComboFix and Hijackthis logs.

GMER
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-23 14:51:53
Windows 5.1.2600 Service Pack 3


---- Devices - GMER 1.0.14 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.14 ----

ComboFix

ComboFix 09-02-19.01 - William Miller 2009-02-23 14:20:56.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2430 [GMT -6:00]
Running from: c:\documents and settings\William Miller\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\William Miller\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Outdated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.

2009-02-21 18:21 . 2009-02-21 18:21 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-21 09:11 . 2009-02-21 09:11 <DIR> d-------- c:\documents and settings\William Miller\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-21 09:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-20 20:34 . 2009-02-20 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-20 20:34 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-20 20:34 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-20 05:53 . 2009-02-20 05:53 <DIR> d-------- c:\program files\Trend Micro
2009-02-19 20:42 . 2009-02-19 20:42 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-02-19 20:22 . 2009-02-19 20:22 <DIR> d-------- c:\windows\ERUNT
2009-02-19 20:09 . 2009-02-19 21:18 <DIR> d-------- C:\SDFix
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\program files\Seagate
2009-02-19 19:05 . 2009-02-19 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Seagate
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\windows\system32\drivers\NAV
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Windows Sidebar
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\program files\Norton AntiVirus
2009-02-18 22:01 . 2009-02-18 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-18 22:01 . 2009-02-18 22:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-18 22:01 . 2009-02-18 22:05 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-18 22:01 . 2009-02-18 22:05 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-18 22:01 . 2009-02-18 22:01 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-02-18 22:01 . 2009-02-18 22:05 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-18 22:01 . 2009-02-18 22:05 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-18 19:23 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\LocalService\Application Data\iolo
2009-02-18 18:57 . 2009-02-18 18:57 <DIR> d-------- c:\program files\iolo
2009-02-18 18:57 . 2009-02-11 19:10 936,288 --a------ c:\windows\system32\Incinerator.dll
2009-02-18 18:57 . 2008-09-24 09:32 28,672 --a------ c:\windows\system32\iolobtdfg.exe
2009-02-18 18:57 . 2008-04-17 09:45 9,341 --a------ c:\windows\system32\drivers\filedisk.sys
2009-02-18 18:57 . 2008-11-18 11:51 8,192 --a------ c:\windows\system32\smrgdf.exe
2009-02-18 18:57 . 2009-02-18 18:57 406 --a------ c:\windows\system32\ioloBootDefrag.cfg
2009-02-18 18:55 . 2009-02-18 18:57 <DIR> d-------- c:\documents and settings\William Miller\Application Data\iolo
2009-02-18 18:55 . 2009-02-18 19:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2009-02-17 19:19 . 2009-02-17 19:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SmitFraudFixTool
2009-02-17 18:47 . 2009-02-17 18:47 <DIR> d-------- c:\documents and settings\William Miller\Application Data\SmitFraudFixTool
2009-02-17 18:05 . 2009-02-17 18:05 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\UserData
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\PrivacIE
2009-02-17 17:46 . 2009-02-17 17:46 <DIR> d--hs---- c:\documents and settings\LocalService\IECompatCache
2009-02-17 16:57 . 2009-02-17 16:57 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-02-17 14:41 . 2009-02-18 21:09 32,768 --a------ c:\windows\system32\drivers\ati6eyxx.sys
2009-02-17 12:59 . 2009-02-17 12:59 104,960 --a------ c:\windows\system32\dllcache\userinit.exe
2009-02-17 12:57 . 2009-02-17 18:35 303,616 -rahs---- c:\windows\system32\javarun.exe
2009-02-17 12:57 . 2009-02-17 12:57 77,312 --a------ c:\windows\system32\javame.exe
2009-02-17 07:27 . 2009-02-17 07:27 <DIR> d--hs---- c:\documents and settings\William Miller\IECompatCache
2009-02-01 19:34 . 2009-02-01 19:34 <DIR> d-------- C:\New Folder
2009-02-01 19:06 . 2009-02-01 19:06 <DIR> d-------- c:\program files\GetData
2009-02-01 19:01 . 2009-02-01 19:01 <DIR> d-------- c:\documents and settings\William Miller\Application Data\CyberLink
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\drivers\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 51,200 --a------ c:\windows\system32\dllcache\msdv.sys
2009-01-31 16:51 . 2008-04-13 13:46 48,128 --a------ c:\windows\system32\dllcache\61883.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\drivers\avc.sys
2009-01-31 16:51 . 2008-04-13 13:46 38,912 --a------ c:\windows\system32\dllcache\avc.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\drivers\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 61,696 --a------ c:\windows\system32\dllcache\ohci1394.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\drivers\1394bus.sys
2009-01-31 16:48 . 2008-04-13 13:46 53,376 --a------ c:\windows\system32\dllcache\1394bus.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-31 16:48 . 2001-08-17 13:46 6,400 --a------ c:\windows\system32\dllcache\enum1394.sys
2009-01-31 13:35 . 2009-01-31 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-01-31 13:21 . 2009-01-31 13:21 <DIR> d--hs---- c:\documents and settings\William Miller\IETldCache
2009-01-31 13:13 . 2009-01-31 13:14 <DIR> d--h-c--- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-23 06:09 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-22 02:22 --------- d-----w c:\program files\Web Publish
2009-02-20 03:31 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 01:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-19 04:05 --------- d-----w c:\program files\Symantec
2009-02-19 03:38 --------- d-----w c:\program files\Norton Security Scan
2009-02-02 01:02 --------- d-----w c:\documents and settings\William Miller\Application Data\DVD Flick
2009-02-01 23:58 --------- d-----w c:\documents and settings\William Miller\Application Data\vlc
2009-01-27 16:24 --------- d-----w c:\program files\Stunt Track Driver
2009-01-01 08:12 --------- d-----w c:\program files\ImageConverter Plus
2008-12-25 01:49 --------- d-----w c:\program files\Google
2008-12-23 22:20 --------- d-----w c:\documents and settings\William Miller\Application Data\dvdcss
2008-09-26 02:06 376 ----a-w c:\documents and settings\William Miller\jobq.dat
2008-09-20 00:49 47,316 ----a-w c:\program files\uninstal.log
2006-02-19 22:16 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-12-06 00:28 916,806 ------w c:\program files\Dec2005_MDX1_x86.cab
2005-12-06 00:28 86,925 ------w c:\program files\Oct2005_xinput_x64.cab
2005-12-06 00:28 46,247 ------w c:\program files\Oct2005_xinput_x86.cab
2005-12-06 00:28 41,888 ------w c:\program files\dxdllreg_x86.cab
2005-12-06 00:28 3,673,932 ------w c:\program files\Dec2005_MDX1_x86_Archive.cab
2005-12-06 00:28 1,358,864 ------w c:\program files\Dec2005_d3dx9_28_x64.cab
2005-12-06 00:27 1,080,344 ------w c:\program files\Dec2005_d3dx9_28_x86.cab
2005-10-28 01:30 4,488,480 ----a-w c:\documents and settings\Ryan\WordStars2.01_setup.exe
2008-07-23 00:36 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-08-25 13:38 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082520080826\index.dat
.

------- Sigcheck -------

2004-08-10 04:00 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 18:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\userinit.exe
2009-02-17 12:59 104960 ffd414d64080785952f88436a9167e1f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-21_15.01.22.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-19 01:23:22 1,487,272 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-21 21:20:02 1,413,248 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-23 20:25:29 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Distillr\Acrotray.exe" [2004-12-14 483328]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4583424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-26 316728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-30 177448]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2005-07-26 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-21 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.VQJK"= DC31DEC.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6eyxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^William Miller^Start Menu^Programs^Startup^Screen Saver Control.lnk]
path=c:\documents and settings\William Miller\Start Menu\Programs\Startup\Screen Saver Control.lnk
backup=c:\windows\pss\Screen Saver Control.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 15:19 53248 c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 03:04 59392 c:\windows\ehome\ehtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Nortel Networks\\Extranet.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\javarun.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1002000.007\SymEFA.sys [2009-02-18 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2009-02-18 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2009-02-18 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [2009-02-18 274808]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-30 161064]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2009-02-18 712048]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2009-02-18 115560]
R2 SoftwareDownloadCenter;Software Download Center;c:\srccode\SDCService\SDCService.exe [2007-09-28 1560403]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2005-07-26 9817]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-18 99376]
R3 EuMusDesignVirtualAudioCableWdm_jrm;MuvEnum Virtual Cable;c:\windows\system32\drivers\vacjrmkd.sys [2007-05-05 35624]
S0 ati6eyxx;ati6eyxx;c:\windows\system32\drivers\ati6eyxx.sys [2009-02-17 32768]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2005-12-27 515803]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2005-07-26 137392]
S3 KodakPPCAM;Kodak EZ200 DIGITAL CAMERA;c:\windows\system32\drivers\dc31vid.sys [2006-04-08 430336]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2006-04-12 38272]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys --> c:\windows\system32\DRIVERS\sustucap.sys [?]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-04-12 21376]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2005-12-27 10986]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-02-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 19:49]

2009-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3192582744-3556994540-3364813709-1005.job
- c:\documents and settings\William Miller\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 18:42]

2009-02-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: {{00951C02-5731-44e9-B2F5-544EC2279417} - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll
DPF: {0C528348-18DC-4ECE-819B-624E226028DA} - hxxp://wsso.mmm.com/Frontier_program_launcher.CAB
DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} - hxxp://legalwebdev.mmm.com/WorkSite/includes/iManFile.cab
DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} - hxxp://intra4.mmm.com/sdc/cabs/SDC.CAB
FF - ProfilePath - c:\documents and settings\William Miller\Application Data\Mozilla\Firefox\Profiles\jq1hyu27.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.lds.org/ldsorg/v/index.jsp?vgnextoid=e419fb40e21cef00VgnVCM1000001f5e340aRCRD|about:blank
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-23 14:26:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\controlset002\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b56-fa3e-11d9-bcc9-e8ae451cafa3}\shell\Autoplay\DropTarget]
@DACL=(02 0000)
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b57-fa3e-11d9-bcc9-e8ae451cafa3}\shell\Autoplay\DropTarget]
@DACL=(02 0000)
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"

[HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b58-fa3e-11d9-bcc9-e8ae451cafa3}\shell\Autoplay\DropTarget]
@DACL=(02 0000)
"CLSID"="{f26a669a-bcbb-4e37-abf9-7325da15f931}"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lotus\Notes\nslsvice.exe
c:\program files\Lotus\Notes\nsl.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-02-23 14:36:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-23 20:36:12
ComboFix2.txt 2009-02-22 02:41:42
ComboFix3.txt 2009-02-21 22:50:32
ComboFix4.txt 2009-02-21 21:03:20

Pre-Run: 135,316,279,296 bytes free
Post-Run: 135,290,359,808 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=3 Sets=1,2,3,4
311 --- E O F --- 2009-02-11 09:13:38

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53, on 2009-02-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\lotus\notes\nslsvice.exe
C:\Program Files\lotus\notes\nsl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Srccode\SDCService\SDCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: (no name) - {E0019445-4C1F-414D-A70E-AD80F231C584} - (no file)
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: ZuneIt - {00951C02-5731-44e9-B2F5-544EC2279417} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C528348-18DC-4ECE-819B-624E226028DA} (Frontier.Frontier_Launcher) - http://wsso.mmm.com/...am_launcher.CAB
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcente...trolLite_EN.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmar...martActivia.cab
O16 - DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} (WebTransferCtrl Class) - http://legalwebdev.m...es/iManFile.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} (RequestX.SDC) - http://intra4.mmm.com/sdc/cabs/SDC.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1161823591093
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast....ostClientIE.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://3msource.3m....acbvf6EstuImzy
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://us-mail-16.mmm.com/dwa7W.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave...ownloadCtrl.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://3msource.3m....uniperSetup.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.co....cab?10,0,910,0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\lotus\notes\nslsvice.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Software Download Center (SoftwareDownloadCenter) - 3M - C:\Srccode\SDCService\SDCService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 12208 bytes

#27
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

The log for OTListIt2 will be very long and may not fit in one post, since there is a character limit on posts. Please make sure that it didn't get cut off, and feel free to post the rest of it in a separate reply. :)

Edited by handhfan, 24 February 2009 - 12:29 AM.


#28
mywoes

    Member

  • Topic Starter
  • Member
  • 47 posts

Here is the OTListIt

OTListIt logfile created on: 2009-02-24 05:44:59 - Run
OTListIt2 by OldTimer - Version 2.0.1.1 Folder = C:\Documents and Settings\William Miller\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: | Country: | Language: | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.89 Gb Available in Paging File | 97.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 126.02 Gb Free Space | 55.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICEDESKTOP
Current User Name: William Miller
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\lotus\notes\nslsvice.exe (IBM Corp)
PRC - C:\Program Files\lotus\notes\nsl.exe (IBM Corp)
PRC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
PRC - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Srccode\SDCService\SDCService.exe (3M)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Distillr\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\HPWUCli.exe (Hewlett-Packard)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Documents and Settings\William Miller\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FreeAgentGoNext Service [Auto | Running]) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (IAANTMon [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ioloFileInfoList [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (ioloSystemService [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lotus Notes Single Logon [Auto | Running]) -- C:\Program Files\lotus\notes\nslsvice.exe (IBM Corp)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (Norton AntiVirus [Auto | Running]) -- C:\Program Files\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe (Symantec Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (SoftwareDownloadCenter [Auto | Running]) -- C:\Srccode\SDCService\SDCService.exe (3M)
SRV - (SymWSC [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AFS2K [System | Running]) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASPI32 [System | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (ati6eyxx [Boot | Stopped]) -- C:\WINDOWS\System32\Drivers\ati6eyxx.sys ()
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (BHDrvx86 [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\BHDrvx86.sys (Symantec Corporation)
DRV - (Ca533av [Auto | Stopped]) -- C:\WINDOWS\System32\Drivers\Ca533av.sys (Digital Camera)
DRV - (ccHP [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\ccHPx86.sys (Symantec Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (CO_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\CO_Mon.sys ()
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (Eacfilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\eacfilt.sys (Nortel Networks)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (elagopro [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\elaunidr.sys (Gteko Ltd.)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (EuMusDesignVirtualAudioCableWdm_jrm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\vacjrmkd.sys ()
DRV - (FileDisk [System | Running]) -- C:\WINDOWS\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HPZid412 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (iastor [Boot | Running]) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (IDSxpx86 [System | Running]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys (Symantec Corporation)
DRV - (IPSECEXT [Auto | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECSHM [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (KodakPPCAM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DC31VID.sys (Eastman Kodak Company.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NAL [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\iqvw32.sys (Intel Corporation )
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081202.022\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081202.022\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SRTSP [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SRTSPX.SYS (Symantec Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (StillCam [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (SUSTUCAM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sustucam.sys (Susteen, Inc.)
DRV - (SUSTUCAU [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sustucau.sys (Susteen, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEFA [Boot | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMEFA.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMIDS.SYS (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tbhsd [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (TIEHDUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (USBCamera [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Bulk533.sys (USB BULK)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {E0019445-4C1F-414D-A70E-AD80F231C584} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup File not found
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" (Seagate LLC)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0C528348-18DC-4ECE-819B-624E226028DA} http://wsso.mmm.com/...am_launcher.CAB (Frontier.Frontier_Launcher)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://downloadcente...trolLite_EN.cab (DjVuCtl Class)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {4BECECDE-E494-4F69-A3DE-DA0B77726307} http://legalwebdev.m...es/iManFile.cab (WebTransferCtrl Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {53D1658C-D028-49B6-9C26-2C41665718FE} http://intra4.mmm.com/sdc/cabs/SDC.CAB (RequestX.SDC)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1161823591093 (MUWebControl Class)
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} http://host.oddcast....ostClientIE.cab (hostCntrlIE Class)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://3msource.3m....acbvf6EstuImzy (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://us-mail-16.mmm.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} http://www.shockwave...ownloadCtrl.cab (BTDownloadCtrl Control)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://3msource.3m....uniperSetup.cab (JuniperSetup Control)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.co....cab?10,0,910,0 (DigWebHelper Class)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\William Miller\Desktop\*.tmp files]
[2009-02-24 05:43:30 | 00,494,080 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTListIt2.exe
[2009-02-23 14:54:49 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-02-23 14:52:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\Desktop
[2009-02-23 14:45:05 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009-02-23 14:45:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009-02-23 14:45:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009-02-23 14:45:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-02-23 14:45:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-02-23 14:41:59 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\gmer.zip
[2009-02-21 18:21:04 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009-02-21 16:10:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Desktop\Fix Programs Used
[2009-02-21 14:44:00 | 32,192,96256 | -HS- | C] () -- C:\hiberfil.sys
[2009-02-21 13:56:15 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-02-21 13:56:15 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-02-21 13:56:15 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-02-21 13:56:15 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-02-21 13:56:15 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-02-21 13:56:15 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-02-21 13:56:15 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-02-21 13:56:15 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-02-21 13:56:15 | 00,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-02-21 13:56:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-02-21 13:56:03 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-02-21 13:55:38 | 02,923,468 | R--- | C] () -- C:\Documents and Settings\William Miller\Desktop\Combo-Fix.exe
[2009-02-21 09:11:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Application Data\Malwarebytes
[2009-02-20 20:34:58 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-02-20 20:34:55 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-02-20 20:34:54 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009-02-20 20:34:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-02-20 05:53:55 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\HijackThis.lnk
[2009-02-20 05:53:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009-02-19 21:16:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Application Data\WinRAR
[2009-02-19 20:42:02 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009-02-19 20:22:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009-02-19 20:11:07 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009-02-19 20:11:04 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009-02-19 20:09:42 | 00,000,000 | ---D | C] -- C:\SDFix
[2009-02-19 19:05:33 | 00,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009-02-19 19:05:24 | 00,000,000 | ---D | C] -- C:\Program Files\Seagate
[2009-02-19 19:05:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009-02-18 22:09:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Local Settings\Application Data\Symantec
[2009-02-18 22:07:46 | 00,589,142 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\Cat.DB
[2009-02-18 22:01:58 | 00,036,272 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009-02-18 22:01:53 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009-02-18 22:01:53 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009-02-18 22:01:53 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009-02-18 22:01:53 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009-02-18 22:01:48 | 00,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009-02-18 22:01:47 | 00,309,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\SymEFA.sys
[2009-02-18 22:01:47 | 00,306,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtsp.sys
[2009-02-18 22:01:47 | 00,198,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symtdi.sys
[2009-02-18 22:01:47 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symfw.sys
[2009-02-18 22:01:47 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtspx.sys
[2009-02-18 22:01:47 | 00,040,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symndisv.sys
[2009-02-18 22:01:47 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symndis.sys
[2009-02-18 22:01:47 | 00,034,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symids.sys
[2009-02-18 22:01:47 | 00,024,624 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symredrv.sys
[2009-02-18 22:01:47 | 00,012,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symdns.sys
[2009-02-18 22:01:46 | 00,362,544 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\cchpx86.sys
[2009-02-18 22:01:46 | 00,255,536 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\BHDrvx86.sys
[2009-02-18 22:01:36 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\SymEFA.inf
[2009-02-18 22:01:36 | 00,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\ccHPx86.inf
[2009-02-18 22:01:36 | 00,001,609 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\SymNet.inf
[2009-02-18 22:01:36 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtspx.inf
[2009-02-18 22:01:36 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtsp.inf
[2009-02-18 22:01:36 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\BHDrvx86.inf
[2009-02-18 22:01:36 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\isolate.ini
[2009-02-18 22:01:26 | 00,010,858 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\SymNet.cat
[2009-02-18 22:01:26 | 00,010,609 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\ccHPx86.cat
[2009-02-18 22:01:26 | 00,008,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\SymEFA.cat
[2009-02-18 22:01:26 | 00,008,390 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtspx.cat
[2009-02-18 22:01:26 | 00,008,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtsp.cat
[2009-02-18 22:01:26 | 00,008,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\BHDrvx86.CAT
[2009-02-18 22:01:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1002000.007
[2009-02-18 22:01:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009-02-18 22:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009-02-18 22:01:23 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009-02-18 22:01:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009-02-18 22:01:12 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009-02-18 22:01:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009-02-18 18:57:51 | 00,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2009-02-18 18:57:13 | 00,936,288 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009-02-18 18:57:12 | 00,009,341 | ---- | C] (iolo technologies, LLC (based on original work by Bo Brantén)) -- C:\WINDOWS\System32\drivers\filedisk.sys
[2009-02-18 18:57:08 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2009-02-18 18:57:08 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2009-02-18 18:57:06 | 00,000,000 | ---D | C] -- C:\Program Files\iolo
[2009-02-18 18:55:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Application Data\iolo
[2009-02-18 18:55:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009-02-17 18:47:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Application Data\SmitFraudFixTool
[2009-02-17 18:03:30 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009-02-17 14:41:57 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati6eyxx.sys
[2009-02-17 12:59:42 | 00,104,960 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009-02-17 12:57:51 | 00,303,616 | RHS- | C] () -- C:\WINDOWS\System32\javarun.exe
[2009-02-17 12:57:51 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\javame.exe
[2009-02-16 20:18:45 | 01,196,942 | ---- | C] () -- C:\Documents and Settings\William Miller\Desktop\Nicki Eric.jpg
[2009-02-11 22:05:13 | 00,080,384 | ---- | C] () -- C:\Documents and Settings\William Miller\My Documents\TRain Pictures.ppt
[2009-02-11 22:03:47 | 00,059,392 | ---- | C] () -- C:\Documents and Settings\William Miller\My Documents\Train Ad.ppt
[2009-02-10 12:59:51 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\William Miller\My Documents\girls for cultural event.doc
[2009-02-09 13:50:20 | 00,026,112 | ---- | C] () -- C:\Documents and Settings\William Miller\My Documents\VOLUNTEER SIGN- choir.doc
[2009-02-05 15:54:11 | 00,353,792 | ---- | C] () -- C:\Documents and Settings\William Miller\My Documents\MGJH.APP.doc
[2009-02-04 18:26:45 | 00,023,086 | ---- | C] () -- C:\Documents and Settings\William Miller\My Documents\Bibliography ALP.rtf
[2009-02-01 19:34:10 | 00,000,000 | ---D | C] -- C:\New Folder
[2009-02-01 19:10:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DVD Files
[2009-02-01 19:06:12 | 00,000,000 | ---D | C] -- C:\Program Files\GetData
[2009-02-01 19:01:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\My Documents\Cyberlink
[2009-02-01 19:01:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Application Data\CyberLink
[2009-02-01 19:01:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Local Settings\Application Data\PowerDVD
[2009-02-01 15:37:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\My Documents\dvd
[2009-01-31 16:51:25 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2009-01-31 16:51:25 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2009-01-31 16:51:19 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\avc.sys
[2009-01-31 16:51:19 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avc.sys
[2009-01-31 16:51:14 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\61883.sys
[2009-01-31 16:48:56 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2009-01-31 16:48:56 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\enum1394.sys
[2009-01-31 16:48:54 | 00,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ohci1394.sys
[2009-01-31 16:48:54 | 00,061,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ohci1394.sys
[2009-01-31 16:48:54 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2009-01-31 16:48:54 | 00,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\1394bus.sys
[2009-01-31 13:35:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009-01-31 13:34:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\Local Settings\Application Data\Downloaded Installations
[2009-01-31 13:13:44 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009-01-27 11:59:24 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\William Miller\My Documents\Readdressing Instructions.doc
[2009-01-27 10:02:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\William Miller\My Documents\IceMan 2009

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2 C:\Documents and Settings\William Miller\Desktop\*.tmp files]
[2009-02-24 05:42:44 | 00,494,080 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\William Miller\Desktop\OTListIt2.exe
[2009-02-24 05:42:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2009-02-24 05:01:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009-02-24 01:10:20 | 00,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3192582744-3556994540-3364813709-1005.job
[2009-02-24 01:10:20 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-02-23 14:50:55 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009-02-23 14:45:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009-02-23 14:45:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-02-23 14:45:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-02-23 14:40:56 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\gmer.zip
[2009-02-23 14:27:19 | 00,002,239 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009-02-23 14:26:55 | 00,007,275 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-02-23 14:26:26 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009-02-23 14:26:03 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-02-23 14:25:13 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-02-23 14:25:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-02-23 14:25:05 | 32,192,96256 | -HS- | M] () -- C:\hiberfil.sys
[2009-02-22 17:38:13 | 00,496,752 | ---- | M] () -- C:\Documents and Settings\William Miller\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009-02-21 20:22:14 | 00,000,085 | -HS- | M] () -- C:\Documents and Settings\William Miller\My Documents\desktop.ini
[2009-02-21 15:41:34 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-02-21 15:20:02 | 01,413,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-02-21 15:10:07 | 00,001,518 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2009-02-21 13:51:08 | 02,923,468 | R--- | M] () -- C:\Documents and Settings\William Miller\Desktop\Combo-Fix.exe
[2009-02-21 08:35:17 | 00,105,881 | ---- | M] () -- C:\log.html
[2009-02-20 09:22:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-02-20 05:53:55 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\William Miller\Desktop\HijackThis.lnk
[2009-02-19 20:42:02 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009-02-19 19:05:33 | 00,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seagate Manager.lnk
[2009-02-18 22:08:06 | 00,589,142 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\Cat.DB
[2009-02-18 22:05:00 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009-02-18 22:05:00 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009-02-18 22:05:00 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009-02-18 22:05:00 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009-02-18 22:04:46 | 00,001,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009-02-18 22:01:47 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\SymEFA.sys
[2009-02-18 22:01:47 | 00,306,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtsp.sys
[2009-02-18 22:01:47 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symtdi.sys
[2009-02-18 22:01:47 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symfw.sys
[2009-02-18 22:01:47 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtspx.sys
[2009-02-18 22:01:47 | 00,040,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symndisv.sys
[2009-02-18 22:01:47 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symndis.sys
[2009-02-18 22:01:47 | 00,036,272 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009-02-18 22:01:47 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symids.sys
[2009-02-18 22:01:47 | 00,024,624 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symredrv.sys
[2009-02-18 22:01:47 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\symdns.sys
[2009-02-18 22:01:46 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\cchpx86.sys
[2009-02-18 22:01:46 | 00,255,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1002000.007\BHDrvx86.sys
[2009-02-18 22:01:36 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\SymEFA.inf
[2009-02-18 22:01:36 | 00,001,754 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\ccHPx86.inf
[2009-02-18 22:01:36 | 00,001,609 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\SymNet.inf
[2009-02-18 22:01:36 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtspx.inf
[2009-02-18 22:01:36 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\srtsp.inf
[2009-02-18 22:01:36 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\BHDrvx86.inf
[2009-02-18 22:01:36 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\isolate.ini
[2009-02-18 22:01:26 | 00,010,858 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\SymNet.cat
[2009-02-18 22:01:26 | 00,010,609 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1002000.007\ccHPx86.cat
[2009-02-18 22:01:26 | 00,008,428 | ---- | M]

#29
mywoes

    Member

  • Topic Starter
  • 47 posts
Here is the Extras report:

OTListIt Extras logfile created on: 2009-02-24 05:44:59 - Run
OTListIt2 by OldTimer - Version 2.0.1.1 Folder = C:\Documents and Settings\William Miller\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: | Country: | Language: | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.89 Gb Available in Paging File | 97.24% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 126.02 Gb Free Space | 55.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICEDESKTOP
Current User Name: William Miller
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Nortel Networks\Extranet.exe:*:Enabled:Contivity VPN Client (Nortel Networks NA, Inc.)
C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard (Microsoft Corporation)
C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client (Hewlett-Packard)
C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® (Microsoft Corporation)
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary (Sun Microsystems, Inc.)
C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk (Google)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console (Microsoft Corporation)
C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test (Microsoft Corporation)
C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax (Intuit, Inc.)
C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager (Intuit, Inc.)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe ()
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe (Hewlett-Packard Co.)
C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer (RealNetworks, Inc.)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (Mozilla Corporation)
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\WINDOWS\system32\javarun.exe:*:Enabled:Explorer ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5 SE Basic
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = USB-IrDA Adapter
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{16D9439B-DF3D-43D1-A727-4B335300D07A}" = OverDrive Media Console
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1DB5BDA2-1D0C-4213-8190-C587B14F6800}" = ZuneIEPlugin
"{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}" = Scrapbook Flair
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24C2FFDE-A8E8-4873-B66F-2B918069A03E}" = Student Life
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{324CEC09-007A-48eb-90E0-9D42D4D5EB0A}" = NetDeviceManager
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{36BD0774-6CD6-4FF9-A148-83CA09AC123E}" = Intel® PROSafe for Wired Connections
"{39F8D2F6-7755-40DE-A21F-D47B97164CE6}" = YP-F1
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{403EF592-953B-4794-BCEF-ECAB835C2095}" = Intel® PROSafe for Wired Connections
"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4D472BD7-7600-49E7-81AA-1930DC671E01}" = Dark Basic Professional Trial
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}" = Adobe Media Player
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{619B8475-0F48-41B7-A370-5147F7092989}" = Virtual Earth 3D (Beta)
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{638FE33C-FD84-4B5F-82CD-C01EF4B335BA}" = TurboCAD v9
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80A2A967-C1B7-412D-B2B2-C4A33209C205}" = Garmin POI Loader
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{8619D8AC-9B4F-4C42-A71E-F842B8247EE6}" = TurboCAD Symbols
"{8704D51E-25B7-4F23-81E7-AA4F54790230}" = Microsoft MapPoint North America 2004
"{87B481FA-1E4A-40B0-80C3-157E9770F436}" = DataPilot Pix 'n Tunes
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9580CFC7-24C4-4A8C-8C28-2B174109FC2A}" = Recipe Manager
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{99792928-DAED-48A4-90DD-F95E7B347884}" = Nutrition Analyser
"{A0E54EC6-EA51-4088-A6EE-BEF1D1D128AB}" = Lotus Notes 7.0.2
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A53A1A49-C3EA-406c-B87C-8E02B622D605}" = C7200_doccd
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B616F589-DDE9-4079-85B1-594FFED4E374}" = The 3D Gamemaker
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help
"{C0880630-A6BA-4409-A24E-8083E5E0F92A}" = Digital Photo Resizer
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C7FE35A5-6395-4F26-AFCE-5CDF2480F3FB}" = Barudan TES Viewer
"{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}" = Sibelius Scorch (ActiveX Only)
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D00353E1-9A80-11D8-A6E6-0000E24CCC1B}" = Digital Camera
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}" = Opera 9.60
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{D9A0D2AC-24F9-4D99-9B68-BD0A4F95A4C4}" = Jahshaka
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DEB3B2CB-0590-49C9-BFC4-29CAC7A5EE2B}" = 1st Pricing
"{DFA1E2C8-A9DE-4B99-8B3C-866664B5F67C}" = Garmin POI Loader
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}" = Sansa Updater
"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EF964A78-078C-11D1-B7A7-0000C0134CE6}" = Nortel Networks Contivity VPN Client
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6727074-BF89-4A3E-A5F7-CB36C521E674}" = Motion Director
"{F6D0FF05-0B73-436C-B35C-B8392FF17E2A}" = Home Budget
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"3-D_Ghost_Ship_Demo" = 3-D_Ghost_Ship_Demo Screen Saver
"Able Batch Converter_is1" = Able Batch Converter 3.0.7.5
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"alotToolbar" = ALOT Toolbar
"AltoMP3 Gold" = AltoMP3 Gold 5.20
"Amazing Fractal Art 2001" = Amazing Fractal Art 2001 Screen Saver
"Amazing Universe Screen Saver" = Amazing Universe Screen Saver
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"Astro Gemini Screensaver Manager_is1" = Astro Gemini Screensaver Manager 1.2
"Atomic Clock Sync" = Atomic Clock Sync
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"Avidemux 2.4" = Avidemux 2.4
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Burn My Files_is1" = Burn My Files
"BuzzEditV2" = BuzzEditV2
"Chandler" = Chandler 0.7.5.1
"Christmas Time 3D Screensaver_is1" = Christmas Time 3D Screensaver 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Collage Maker" = Collage Maker 2.03
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combat Flight Simulator 3.0" = Microsoft Combat Flight Simulator 3.1
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Data Doctor Recovery Pen Drive (Demo) 3.0.1.5" = Data Doctor Recovery Pen Drive (Demo) 3.0.1.5
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Digital Media Converter_is1" = Digital Media Converter 2.78
"Dolphin Aqua Life 3D Screensaver" = Dolphin Aqua Life 3D Screensaver
"DVD Flick_is1" = DVD Flick
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0033)
"ESPNMotion" = ESPNMotion
"eWork 1.6" = eWork 1.6
"ExpressBurn" = Express Burn
"Family Feud" = Family Feud
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Freez 3GP Video Converter_is1" = Freez 3GP Video Converter 2.0
"Game Maker 6.1" = Game Maker 6.1
"Google Updater" = Google Updater
"GoogleVideoViewer" = Google Video Viewer 1.0 (based on VLC 0.8.2 Player)
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"Ice Storm" = Ice Storm Screen Saver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8 Release Candidate 1
"ImageConverter Plus_is1" = ImageConverter Plus 7.1
"IMS Web Dwarf V2" = IMS Web Dwarf V2
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{87B481FA-1E4A-40B0-80C3-157E9770F436}" = DataPilot Pix 'n Tunes
"InstallShield_{B1D89E54-08B1-4542-A69B-E634AEF10A40}" = Seagate Manager Installer
"InstallShield_{D9A0D2AC-24F9-4D99-9B68-BD0A4F95A4C4}" = Jahshaka
"iSofter DVD Audio Ripper Deluxe_is1" = iSofter DVD Audio Ripper Deluxe 2.1.2006.828
"Kodak EZ200 DIGITAL CAMERA" = Kodak EZ200 DIGITAL CAMERA Installation
"Liquid Saver" = Liquid Saver
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.6)" = Mozilla Firefox (3.0.6)
"Musicnotes Player_is1" = Musicnotes Player V1.23.1 and Viewer
"MuvAudio2" = MuvAudio2
"MyWaySearchAssistantDE" = My Way Search Assistant
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"OpenLibraries" = OpenLibraries
"PAF Insight" = PAF Insight
"PeriodicTableFlashCards_is1" = PeriodicTableFlashCards 1
"PhoTagsExpress" = PhoTags Express
"Picasa 3" = Picasa 3
"Pixillion" = Pixillion Image Converter
"PROSetDX" = Intel® PRO Network Connections Software v9.2.4.11
"RapidTyping" = RapidTyping
"Reader Rabbit Personalized 1st Grade" = Reader Rabbit Personalized 1st Grade
"ReadyToPrint Organizer 4" = ReadyToPrint Organizer
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"RecipeCatalog" = RecipeCatalog
"Registry Mechanic_is1" = Registry Mechanic 8.0
"RehearScore" = RehearScore
"RiftSpace" = RiftSpace
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"RollerCoaster Tycoon Setup" = Roll
"Sametime Client v6.5.1" = Sametime Client v6.5.1
"Serif WebPlus 6.0" = Serif WebPlus 6.0
"SmartMusic 11" = SmartMusic 11
"Software Download Center Client" = Software Download Center Client
"StreetPlugin" = Learn2 Player (Uninstall Only)
"StudyMinder LITE_is1" = StudyMinder LITE 2.3
"Stunt Track Driver" = Stunt Track Driver
"Sunplus CA533A" = Icatch(IV) Camera Driver
"Switch" = Switch Uninstall
"SysInfo" = Creative System Information
"Temples Across America_is1" = Temples Across America
"Tulip Swirl Screen Saver" = Tulip Swirl Screen Saver
"tunebite_is1" = tunebite 3.0.1.8
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TypeFaster" = TypeFaster Typing Tutor
"Video Edit Magic 4_is1" = Video Edit Magic 4.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.8a
"WavePad" = WavePad Uninstall
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WebPost" = Microsoft Web Publishing Wizard 1.52
"West_Point_Bridge_Designer_2006" = West Point Bridge Designer 2006
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2007
"Word Stars_is1" = Word Stars 2.01
"ZENcast Organizer" = ZENcast Organizer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-02-21 15:35:19 | Computer Name = OFFICEDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: WordPerfect Office 12 -- Error 1706.No valid source could
be found for product WordPerfect Office 12. The Windows Installer cannot continue.

Error - 2009-02-21 15:35:25 | Computer Name = OFFICEDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00d28690.

Error - 2009-02-21 15:35:55 | Computer Name = OFFICEDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module InetCntrl0011.dll, version 5.0.0.0, fault address 0x00008690.

Error - 2009-02-21 15:39:59 | Computer Name = OFFICEDESKTOP | Source = Application Error | ID = 1000
Description = Faulting application googleupdate.exe, version 1.2.131.7, faulting
module googleupdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2009-02-21 15:40:22 | Computer Name = OFFICEDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: WordPerfect Office 12 -- Error 1706.No valid source could
be found for product WordPerfect Office 12. The Windows Installer cannot continue.

Error - 2009-02-21 17:00:47 | Computer Name = OFFICEDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: WordPerfect Office 12 -- Error 1706.No valid source could
be found for product WordPerfect Office 12. The Windows Installer cannot continue.

Error - 2009-02-21 17:06:28 | Computer Name = OFFICEDESKTOP | Source = Google Update | ID = 20
Description =

Error - 2009-02-21 17:22:20 | Computer Name = OFFICEDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Sonic Update Manager -- Error 1706. An installation package
for the product Sonic Update Manager cannot be found. Try the installation again
using a valid copy of the installation package 'UM.MSI'.

Error - 2009-02-21 17:35:24 | Computer Name = OFFICEDESKTOP | Source = MsiInstaller | ID = 11706
Description = Product: Jasc Paint Shop Photo Album 5 -- Error 1706.No valid source
could be found for product Jasc Paint Shop Photo Album 5. The Windows Installer
cannot continue.

Error - 2009-02-21 17:54:41 | Computer Name = OFFICEDESKTOP | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2009-02-24 03:01:00 | Computer Name = OFFICEDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2009-02-24 03:01:00 | Computer Name = OFFICEDESKTOP | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 2009-02-24 04:01:00 | Computer Name = OFFICEDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2009-02-24 04:01:00 | Computer Name = OFFICEDESKTOP | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 2009-02-24 05:01:00 | Computer Name = OFFICEDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2009-02-24 05:01:00 | Computer Name = OFFICEDESKTOP | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 2009-02-24 06:01:00 | Computer Name = OFFICEDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2009-02-24 06:01:00 | Computer Name = OFFICEDESKTOP | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2

Error - 2009-02-24 07:01:00 | Computer Name = OFFICEDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2009-02-24 07:01:00 | Computer Name = OFFICEDESKTOP | Source = Service Control Manager | ID = 7000
Description = The Automatic Updates service failed to start due to the following
error: %%2


< End of report >

#30
handhfan

    Trusted Helper

  • Expert
  • 13,659 posts
  • Please double-click OTListIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Reg
    [-HKEY_USERS\S-1-5-21-3192582744-3556994540-3364813709-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6a47b56-fa3e-11d9-bcc9-e8ae451cafa3}]
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTListIt2, right click in the "Custom Scans/Fixes" window (under the light blue bar) and choose Paste.
  • Click the red Run Fix button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTListIt2.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTListIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Please also post a new ComboFix log.